[Buildroot] [PATCH 1/1] package/gupnp: security bump to version 1.2.6
peter at korsgaard.com
Thu Jun 10 20:09:19 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and
> 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web
> server can exploit this vulnerability to trick a victim's browser into
> triggering actions against local UPnP services implemented using this
> library. Depending on the affected service, this could be used for data
> exfiltration, data tempering, etc.
> Replace patch by upstream commit as current patch doesn't apply cleanly
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot